Flagstar Bank third-party breach affects more than 800,000 customers

In Data Breach News, Finance
October 09, 2023

Bleeping Computer reports Flagstar Bank in Michigan is notifying 837,390 customers whose personal information, including Social Security numbers, was acquired by the Clop hacking gang in May. The breach was not of Flagstar’s systems but at FISERV, a vendor they use for payment processing and mobile banking services. FISERV was one of thousands of entities compromised by a 0-day attack on MOVEit file transfer software.

This is not the first breach by Clop involving file transfer software that has affected Flagstar customers. In 2021, the bank disclosed a breach involving Accellion file transfer software. After that incident, the bank stopped using Accellion.

Read more at Bleeping Computer. Emsisoft continues to maintain a running total of the number of breached entities and individuals affected by the MOVEit breach.